Date: Thu, 19 Apr 2001 10:48:19 +0100 From: Rasputin <rara.rasputin@virgin.net> To: security@freebsd.org Subject: Re: unknown process Message-ID: <20010419104819.A25707@dogma.freebsd-uk.eu.org> In-Reply-To: <20010419123915.A446@ringworld.oblivion.bg>; from roam@orbitel.bg on Thu, Apr 19, 2001 at 12:39:15PM %2B0300 References: <200104190324.VAA14081@faith.cs.utah.edu> <xzpzodd6xsh.fsf@flood.ping.uio.no> <20010419123915.A446@ringworld.oblivion.bg>
next in thread | previous in thread | raw e-mail | index | archive | help
* Peter Pentchev <roam@orbitel.bg> [010419 10:42]: > On Thu, Apr 19, 2001 at 11:31:26AM +0200, Dag-Erling Smorgrav wrote: > > "David G. Andersen" <dga@pobox.com> writes: > > > You've been hacked. Do what Kris said immediately - take your > > > system offline, and figure out how they got in. You'll likely > > > need to either restore from backups, a fresh install, or check > > > your tripwire/etc logs to determine what else the intruder > > > changed, if they installed a rootkit, etc. > > > > It's not either/or. The only acceptable solution to this situation is > > a complete reinstall from a trusted source (e.g. original CD set). Just a though - do the cvs servers count as 'trusted'? How feasible would it be to cvsup and installworld? I'd personally go for reinstalling the compiler, cvsup binary, networking packages, etc from CD first - that probably wouldn't be enough, though, would it? -- Rasputin Jack of All Trades :: Master of Nuns To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010419104819.A25707>